President Biden is hosting virtual meetings this week with more than 30 countries to “accelerate cooperation to counter ransomware,” but the White House did not extend the invitation to Russia, senior administration officials said, noting that United States and the Kremlin have a “separate channel” where they “actively” discuss the matter.
Senior administration officials said the president’s meetings on Wednesday and Thursday are intended to build upon U.S. leadership in rallying allies and partners to address ransomware threats around the globe, which officials said have been increasing in “scale, sophistication and frequency” and have victimized governments, individuals and private companies around the globe.
The officials went on to outline the White House’s four-point strategy to tackle ransomware — disrupting ransomware actors; bolstering more resilience to withstand ransomware attacks; addressing abuse of virtual currency to launder ransomware payments; and leveraging international cooperation to disrupt the ransomware ecosystem.
Countries scheduled to attend the virtual meeting are Australia, Brazil, Bulgaria, Canada, Czech Republic, Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, the Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom and the European Union.
“Russia is not participating at this time,” a senior administration official said, adding that the administration has “a separate channel in which we’re actively discussing ransomware” with Russia.
Officials said that the president established a U.S.-Kremlin experts group for the U.S. to engage “directly” on the issue of ransomware.
“We do look to the Russian government to address ransomware criminal activity coming from actors within Russia,” an official said, adding that the Biden administration has “also shared information with Russia regarding criminal ransomware activity being conducted from its territory.”
“We’ve seen some steps by the Russian government, and are looking to see follow up actions and broader international cooperation is an important line of effort, because these are transnational criminal organizations,” an official said, adding that they “leverage global infrastructure and money laundering networks to carry out their attacks.”
Biden, during his summit in Geneva with Russian President Vladimir Putin in June, raised the issue of ransomware. Biden, at the time, said he told Putin that “certain critical infrastructure should be off limits to attack.” Biden said he gave a list of “16 specific entities defined as critical infrastructure,” saying it ranged from energy to water systems.
Putin, though, during his press conference after the meeting, denied that Russia was responsible for cyberattacks and instead claimed that the most cyberattacks in the world were carried out from the U.S.
But Biden administration officials stressed Tuesday that working with international partners is imperative to ensure the U.S. can disrupt attacks, including “the illicit use of virtual currency that really drives the growth of ransomware.”
Last month, the Treasury Department imposed sanctions on the virtual currency exchange SUEX OTC, S.R.O. after determining it had “facilitated transactions involving illicit proceeds” for at least eight ransomware variants.
The Biden administration has explained that some virtual currency exchanges have proven to be a “critical element” for ransomware, as virtual currency “is the principal means of facilitating ransomware payments and associated money-laundering activities.”
The Treasury Department’s Office of Foreign Assets Control’s designation of SUEX is the “first designation of a virtual currency exchange with complicity in criminal ransomware activity.” The Treasury Department said virtual currency exchanges, like SUEX, are “critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity.”
“Treasury will continue to disrupt and hold accountable these entities to reduce the incentive for cybercriminals to conduct these attacks,” the Treasury Department said, adding that the designation of SUEX was done in coordination with the FBI.
The Biden administration’s effort to strengthen cyber defenses comes after a string of ransomware attacks earlier this summer, with foreign malign actors targeting pieces of U.S. critical infrastructure.
In June, a ransomware assault shut down the U.S.-based meat plants of the world’s largest meatpacker, Brazil-based JBS. The White House said the hack was likely carried out by a criminal group based in Russia.
The attack on JBS came just weeks after the largest U.S. fuel pipeline, the East Coast’s Colonial Pipeline, was targeted by a criminal group originating in Russia.
Senior administration officials said the overall “optimal” approach is modernizing the national defense, federal government, state and local government and critical infrastructure, as well as the broader private sector so they are “modern enough to meet the threat.”
President Biden, in July, signed a national security memorandum directing his administration to develop cybersecurity performance goals for critical infrastructure in the U.S. – entities like electricity utility companies, chemical plants and nuclear reactors.
The memo also formally established Biden’s Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities to facilitate the deployment of technology and systems that provide threat visibility indicators and detections.
White House to host global anti-ransomware meeting; Russia not invited